Google crawler tricked into performing SQL injection attacks using decade-old technique | Ars Technica

It is interesting to note that you could be the unfortunate recipient of a DoS attack from Google/Bing/Yahoo simply because someone creates a page that will overload your database and bring your server to its knees. The real lesson here is that you should NEVER execute any SQL based on user-supplied data without vetting it first. The secondary lesson is that you should (if you can) limit requests to your server from search engines via your robots.txt file (from here):

If your web application does have issues with handling occasional requests (for example one request per second), you can slow down Bing and Yahoo with the following entry in robots.txt:

Crawl-delay: 120

This will ask crawlers to wait at least 120 seconds between requests. For Google, you can define the delay in the webmaster tools.
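To make the first lesson concrete, here is an added example (not code from the Ars Technica article or from this post) showing why a request relayed by a crawler has to be treated like any other user input. It assumes Python's built-in sqlite3 module; the shop.example URL, the items table and the function names are hypothetical and constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Constructed sample: a link published on a third-party page. A crawler
# that follows it sends the query string to the site unchanged, so the
# request arrives from a search-engine address, not from the author.
CRAWLED_URL = "http://shop.example/item?id=1%20OR%201%3D1"

def make_db():
    """In-memory stand-in for the site's database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO items VALUES (?, ?, ?)",
                   [(1, "widget", 0), (2, "gadget", 0), (3, "unreleased", 1)])
    return db

def item_id_from(url):
    """Return the decoded 'id' query parameter exactly as the client sent it."""
    return parse_qs(urlsplit(url).query).get("id", [""])[0]

def lookup_vulnerable(db, url):
    # Weak: the parameter is concatenated into the statement, so the
    # database parses it as SQL and the WHERE clause is rewritten.
    sql = "SELECT name FROM items WHERE hidden = 0 AND id = " + item_id_from(url)
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, url):
    raw = item_id_from(url)
    # Vet first: an item id is a short run of ASCII digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        return None  # caller should answer 400 Bad Request
    # Then bind: the value travels as data and is never parsed as SQL.
    rows = db.execute("SELECT name FROM items WHERE hidden = 0 AND id = ?",
                      (int(raw),))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, CRAWLED_URL))
    print("hardened:  ", lookup_hardened(db, CRAWLED_URL))
    print("normal id: ", lookup_hardened(db, "http://shop.example/item?id=2"))
```

Because the request arrives from the crawler's address, allow-listing search engines by IP or User-Agent does nothing here; the vetting has to happen on the parameter itself.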

The system load quota of 1000 requests per 2 seconds has been exceeded Archives | Kasper Kristensen

When you try to open the Exchange Management Console this error occurs:

The attempt to connect to http://sbs2011.domain.local/powershell using Kerberos authetication failed: Connecting to remote server failed with the following error message: The WS-Management service cannot process the request. The system load quota of 1000 requests per 2 seconds has been exceeded. Send future request at a slower rate or raise the system quota. The next request from this user will not be approve for at least 1522693632 milliseconds. For more information see the about Remote_Troubleshooting

Fix?

Just run iisreset from cmd.

Vulnerabilities in some Netgear router and NAS products open door to remote attacks | Techworld.com

After reading this, we are recommending that anyone with a Netgear router/firewall product check the following URL:

http://<<address_of_router>>/BRS_02_genieHelp.html

If this comes up with an authentication request then there is no need for concern. HOWEVER, if this does present a page to you then we STRONGLY recommend turning off Remote administration of the router until Netgear issues an update, or getting a new (non-Netgear) router/firewall.

CryptoLocker Ransomware Information Guide and FAQ | BleepingComputer

The CryptoLocker ransomware is still going strong. In essence, once your computer has been infected it encrypts all of your “document” files based on file extension and then gives the user 72 hours to pay the ransom ($300 USD or 2 BTC). It will encrypt not only the local files but also any files stored on shared drives, which makes it critical that you are protected. It is one of the few pieces of ransomware that does encryption *correctly*, so at present, short of paying the ransom, there is no other means to decrypt. Bleeping Computer has a good write-up of the virus and what to do:

CryptoLocker Ransomware Information Guide and FAQ.